Thank you for your reply. I still have a question, one that may not be easy to answer. Is fedora-38 with SELinux more secure than debian minimal or fedora minimal - both of which have smaller attack surface?
On a related topic, does the SecureDrop Workstation use Fedora or Debian templates?
Is it likely that a new installation of the final
Qubes 4.2.0 is not necessary, if
-rc1 keeps being updated?
A post was split to a new topic: What distro is the SecureDrop workstation based on?
It looks as if we are on the master branch, if I understand correctly, therefore it should be OK to go with
Likely, but not definitely.
There could be changes to the installer or organisation that cannot be
resolved by simply updating an installed system.
The same could apply to people updating from an existing 4.1 installation.
i assume it was only for partition layout? any example?
in your free time, please do things for 4.2 so i can test and other gain benefit
good job; works flawless for me
“use more bandwith!” - Said the Qubes User uprading to 4.2 and installing debian12 & whonix17 templates afterwards
[FEATURE REQUEST] Add Salt support for Debian 12 · Issue #64223 · saltstack/salt · GitHub Salt themselfs dont offer debian 12 support yet
I use a ProxyVM as a VPN gateway using iptables and CLI scripts.
In Qubes OS 4.2, DomU firewalls have switched to nftables. I have not installed 4.2 yet.
Do the ProxyVM scripts need an update?
2 posts were split to a new topic: Error when opening KDE application menu
Any easy fixes for this error?
KDE installed → Application launcher key →
file:///usr/share/plasma/plasmoids/org.kde.plasma.kickoff/contents/ui/Kickoff.qml:157:34: Type FullRepresentation unavailable file:///usr/share/plasma/plasmoids/org.kde.plasma.kickoff/contents/ui/FullRepresentation.qml:43:5: KickoffButton is not a type
Oops @throwaway11, it looks like I made a mistake! I thought I was reading your post in a different context. I assume you’re testing R4.2 RC1, and your question seems perfectly on-topic. Please disregard my previous post and accept my apologies!
When using KDE Wayland, apps don’t show when launched. KDE X11 works as expected.
Qubes OS display protocol uses X and isn’t compatible with wayland.
I have been using 4.2.0-rc1 for a few hours. Looks great. The UI improvements appear to be more user friendly, such as the new dialogs when creating a new qube. The Qubes menu is nice but the qube name could be larger (the small font is not immediately readable). I think device handling is better as I have tried using conferencing software with an external USB webcam, which was quickly connected, I felt it was faster than 4.1 version.
The installer went with usb enabled on dom0 then I run the salt to enable sys-usb but it failed at the grub usb hiding step. nevertheless after reboot the sys-usb was there and rejecting usb input devices and after adding policy it was working fine.
My existing templates worked fine before upgrading their repository to qubes 4.2, so I used them and upgraded them in place. So far no problems.
I am testing on Ryzen 9 and have to say that 4.2 is running MUCH better than expected. Lots of UI issues, is this the best place to report - seems cumbersome to have to write up lots of issues on github. The only non UI issue I have come across so far (apart from avoiding mapping the USB controller for mouse and keyboard) is that when using USB ports the first device plugged into a controller works as expected, device avail, attach it, detach and all is well then the same socket does not work the second time (no detection). Move to another socket to get another attach… eventually run out of sockets/controllers and then plug a device into any port and sys-usb goes into an infinite loop saying device avail, attach, detach immediately, about once a second. Restarting sys-usb (disposable) fixes it and you can go again till you run out of ports.
Performance of the AMD is much better than expected as well due to its large L3 cache, 4x throughput in my application compared to an old i7 running smt (not running smt yet on AMD). Base system seems quite solid.
Sorry, but GitHub is indeed the right place to report issues:
I know it’s still early and there will be time for more technical users to elucidate the improvements from 4.1 to 4.2, but I’d also be very curious to understand the security implications of selinux introduction to fedora, and how that might change our thinking RE: fedora vs debian as default, minimal templates vs fedora-38-SELinux, versus kicksecure.
Given Debian-12 is available for Qubes testing is the expectation Qubes R4.2 will be released with Debian-12?